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DETAILED ACTION 
Response to Amendment 

1 . This action is in response to tine amendment filed on April 21 , 201 0. Claims 2- 
10, and 12-28 were previously pending consideration. 

2. Claims 2-10 and 12-28 are currently pending consideration. 

Response to Arguments 

Applicant's arguments filed on April 21 , 2010 have been fully considered but they 
are not persuasive for the following reasons: 

Regarding claim 21 , the Applicant argues that the Cited Prior Art (CPA), Wood et 
al. (U.S. Patent Pub. US 2004/021071 1), does not disclose that one or more processes 
are associated with a session identification code. This argument is not found 
persuasive. The CPA discloses session continuity in which each interaction (process) 
between the entity and the information environment has a session credential associated 
with it (paragraph 0045). Therefore, each successive interaction and/or on the change 
of a credential level, will issue a new session credential (session identification code) to 
the process (paragraph 0045). The Applicant argues that process and interaction 
cannot be equivalent, but the Examiner asserts that the term process is broad, and 
given the broadest reasonable interpretation, an interaction which involves different 
exchanges of information is analogous to process as defined in the claimed language. 
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Regarding claims 21 and 22, the Applicant argues that the CPA does not teach 
hierarchical processes. This is not found persuasive. The subsequent interactions after 
the original session is created are each created by the first process (of setting up the 
session) and therefore are interpreted as child processes created by a first process 
(paragraph 0045). The Examiner asserts that the first process (the setting up of the 
session) is at top of the hierarchical tree and allows further interactions to occur, the 
further interactions being processes further down the tree. 

Finally, the Applicant argues that the CPA, Wood in view of Carter, does not 
teach the association of the session identification code to the additional process 
comprises adding an identification code of the original session to the process 
information vector. This argument is not found persuasive. Carter discloses a network 
surveillance and security system for monitoring and protecting a computer network that 
uses a process Identification vector to associate a user ID with a unique process ID 
(See paragraph 342 and 363). The information such as the parent process ID, the 
process group ID, session ID, are all tracked with the permissions control matrices 
(Carter: paragraph 0363). The Examiner asserts that a matrix is made up of vectors, 
and associating a session ID with a process ID is analogous to adding them to the same 
vector. Therefore, Carter discloses adding a parent process ID and a process ID to a 
vector and associating them with a session ID (Carter: paragraph 0363). 

Therefore, the arguments are not found persuasive and the rejection is 
maintained and applied to the new claims as given below. 
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Claim Rejections - 35 USC § 102 

(e) the invention was described in (1) an application for patent, publislied under section 122(b), by 
another filed in the United States before the invention by the applicant for patent or (2) a patent 
granted on an application for patent by another filed in the United States before the invention by the 
applicant for patent, except that an international application filed under the treaty defined in section 
351 (a) shall have the effects for purposes of this subsection of an application filed in the United States 
only if the international application designated the United States and was published under Article 21(2) 
of such treaty in the English language. 

7. Claims 2-3, 7-10, 12-13, and 17-22 are rejected under 35 U.S.C. 102(e) as being 
anticipated by Wood et al. (US 2004/0210771). 
Regarding Claims 8, 18, 21, 22, 23, and 24: 

Wood discloses a security system for real time monitoring and controlling of 
communication sessions within a network server environment ("Providing a persistent 
session in a networked information environment includes associating a unique session 
identifier with a set of access requests originating from a client entity and maintaining 
the unique session identifier across a credential level change" See paragraph 11), 
wherein each original session enables operating a sequence of processes including 
operations carried out in the server environment ("Session continuity means the 
maintenance of coherent session state across one or more interaction between an 
entity and an information environment." See paragraph 45), the system having at least 
one server ("A secure information system includes plural information resources host on 
one or servers coupled via a communication network to a client entity." See paragraph 
15) enabling to communicate with a multiplicity of client users ("Client Browser" See fig. 
1 ref. no. 170 and "In general a wide variety of entities, including human users operation 
browser and/or non-browser client applications as well as automated agents or 
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systems, may interact witli enterprise applications and/or resources 190 and the 
security architecture as described herein." See paragraph 41) via at least one 
communication network ("Communication network" See paragraph 15), wherein each 
client user enables accessing portals and operating sessions in the portals ("A variety of 
information resource Identification schemes, such as by Uniform Resource Locator 
(URL), resource address, identifier or namespace designation, may be employed." See 
paragraph 41 ), and at least one module operated by the at least one server 
("Gatekeeper," "Log-In," "Authentication," "Authorization," "Identification," and "Session" 
See fig. 1 ref. nos. 110, 120, 130, 140, 150, and 160), wherein the at least one module 
enables associating a session ID to the original session of the client user ("If no session 
token is present or if a session token is invalid, gatekeeper/entry handler component 
1 10 establishes a new session." See paragraph 47) and to each process in the 
sequence of processes operated by the original session, ("Gatekeeper functionality (e.g. 
In gatekeeper/entry handler component 110) checks whether a session Is already 
associated with the incoming request." See paragraphs 44-47) wherein the session ID 
enables determining an authorization level ("Authenticated Trust Level" See paragraph 
46) of session In accordance with predefined determination rules ("The mapping of login 
credential types and authentication mechanisms to trust levels Is Influenced by 
environment Information such as time of request, source of request, connection speed, 
and/or client application (e.g., browser) environment information." See paragraphs 37- 
38), where the determination rules refer to the properties of the original session 
("Security requirements are expressed in terms of trust levels and login component 120 
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obtains login credentials for an entity requesting access to one of the enterprise 
applications and/or resources 190." See paragraph 35), wherein each session ID is 
related to the manner in which the client user has operated the original session ("The 
login credentials obtained are selected from a set of credential types that, if 
authenticated are sufficient to achieve the trust level requirement of an application or 
Information resource to be accessed." See paragraph 35), wherein each process In the 
sequence is associated in real time with the same session ID of the original session 
enabling the module to continuously monitor operation of each process of each client 
user ("In the case of a pre-existing session, the signed session credential may be 
obtained using a received session token." See paragraph 48), while the at least one 
server enables operating the processes of each original session according to the 
authorization level related to the session ID ("Authorization component 140 may base its 
allow, redirect, or refuse response on a current trust level previously associated with the 
signed session credentials." See paragraph 48). Furthermore, it also teaches 
associating the session identification code of the communication session at least to a 
child process (paragraph 0045: wherein the subsequent interactions after the original 
session Is created are each created by the first process (of setting up the session) and 
therefore are Interpreted as child processes created by a first process) and each child 
process Is operated at the authorization level of the session credential at the time of the 
last credential change (see paragraph 0045). 
Regarding Claims 2 and 12: 
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Wood discloses a filtering module installed at the at least one server for blocking 
unauthorized processes in accordance with determined authorization level 
("Authorization component 140 responds with an allow, redirect, or refuse response 
based on the sufficiency of a current trust level." See paragraph 48). 
Regarding Claims 3 and 13: 

Wood discloses at least one agent installed on the at least one server, the agent 
enable correlating between processes and sessions on different servers ("Gatekeeper 
and entry handler component 110 provides an entry point for external client applications 
requesting access to enterprise applications and/or resources 190, including e.g., 
information resources 191, 192, 193, for which access management is provided by the 
security architecture." See paragraph 33). 
Regarding Claims 7 and 17: 

Wood discloses the identified session properties are sign in parameters ("Login 
component 120 operating in conjunction with gatekeeper/entry handler component 110 
and other components of the security architecture, provides a single sign-on interface 
for access to enterprise applications and/or resources 190." See paragraph 35). 
Regarding Claims 9 and 19: 

Wood discloses the identified session properties are hyperlink session address 
type parameters ("In some configuration, information on line speed, origination point 
(e.g., inside or outside of a corporate network), browser type, encryptions capability, 
number of hops latency, system type, etc. may be gather." See paragraph 43). 
Regarding Claim 10 and 20: 
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Wood discloses the original session is identified according to a unique 
Transmission Control Protocol port ID ("For network connection, similar environment 
information may be obtained from incoming requests themselves or based on a 
particular entry point (e.g. a particular router or port)." See paragraph 43). 
Regarding claims 25 and 26: 

Wood discloses producing a hierarchical structure of processes at the kernel 
level (paragraph 0045) and referring to each process to the hierarchical tree said each 
process belongs to (paragraph 0045: wherein the subsequent interactions after the 
original session is created are each created by the first process (of setting up the 
session) and therefore are interpreted as child processes created by a first process) and 
each child process is operated at the authorization level of the session credential at the 
time of the last credential change (see paragraph 0045). 
Regarding claims 27 and 28: 

Wood discloses that the sequence of processes creates an additional process, 
and the additional process is associated with the session identification code (paragraph 
0045: wherein the subsequent interactions after the original session is created are each 
created by the first process (of setting up the session) and therefore are interpreted as 
child processes created by a first process) and each child process is operated at the 
authorization level of the session credential at the time of the last credential change 
(see paragraph 0045). 



Application/Control Number: 10/596,940 Page 9 

Art Unit: 2431 

Claim Rejections - 35 USC § 103 

The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the phor art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary sl^ill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

9. Claims 4-6 and 14-16 are rejected under 35 U.S.C. 103(a) as being obvious over 
Wood et al. (US 2004/0210771) in view of Carter et al. (US 2003/0051026). 

Wood discloses the above stated security architecture for providing access to 
enterprise applications and resources based on a session token's current trust level 
(See paragraph 35). 

Wood does not disclose each process has a process information vector wherein 
the session ID of the original session is added to the process information vector of each 
process in the sequence related to the original session. 

Carter discloses a network surveillance and security system for monitoring and 
protecting a computer network that uses a process identification vector to associate a 
user ID with a unique process ID (See paragraph 342 and 363). 

It would have been obvious to one of ordinary skill in the art at the time of the 
invention to modify the security architecture disclosed by Wood to include using a 
process identification vector to associate a session ID with a unique process ID such as 
that taught by Carter in order to enable the utilization of matrices to track and control 
information and processes (See Carter paragraph 339). 
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Conclusion 

THIS ACTION IS MADE FINAL. Applicant is reminded of tlie extension of time 
policy as set forth in 37 CFR 1 .136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1 .136(a) will be calculated from the mailing date of 
the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the mailing date of this final action. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to KAVEH ABRISHAMKAR whose telephone number is 
(571)272-3786. The examiner can normally be reached on Monday thru Friday 8-5. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, William Korzuch can be reached on 571-272-7589. The fax phone number 
for the organization where this application or proceeding is assigned is 571-273-8300. 
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Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 

/Kaveh Abrishamkar/ 
Primary Examiner, Art Unit 2431 

IK. A./ 
06/30/2010 

Primary Examiner, Art Unit 2431 



